Local subnet with public domain? - TCP-IP



Thread: Local subnet with public domain?

  1. Local subnet with public domain?

    Hi,

    I'm just getting the basics of DNS, by working through the
    Linux-DNS-Howto. I have a 192.168 subnet behind a NAT-router and a
    public domain, whose DNS, mail and web server are hosted at an external
    company (let's say it is domain.com, which is actually not true, of
    course). I would like to use this domain name also in my internal
    network. First to avoid ugly domain.invalid names, second to learn DNS
    better.

    So my first question: will I run into trouble, when I just want to
    configure a local bind9 server, to resolve my local names in my 192.168
    subnet, when at the same time I also want correct resolution for the
    external servers www.domain.com, mail.domain.com?

    Do I need different "views" to achieve my goal? At the moment I don't
    know what "view" actually means, I just got this term from a FAQ to a
    related question.

    My local bind will not be authoritative for the complete domain, as I
    can't influence the externally hosted servers and IP. What do I have to
    tell my bind, to handle this situation?

    Thanks in advance for your help. Any pointers to docs, which handle my
    special problem are welcome.

    Ciao
    Siegbert

  2. Re: Local subnet with public domain?

    Begin <440f06f6$1@news.uni-ulm.de>
    On 2006-03-08, Siegbert Baude wrote:
    > So my first question: will I run into trouble, when I just want to
    > configure a local bind9 server, to resolve my local names in my 192.168
    > subnet, when at the same time I also want correct resolution for the
    > external servers www.domain.com, mail.domain.com?


    Remember that domains are hierarchical. So with your example.com
    registered and hosted somewhere, you could simply set up a
    home.example.com with all the local names in them. Then on the local
    machines, set the searchpath to home.example.com for lazy typing.


    > Do I need different "views" to achieve my goal? At the moment I don't
    > know what "view" actually means, I just got this term from a FAQ to a
    > related question.


    Views allow you to split up what you're showing to different parts of
    the network. With it, you can do something like this: requests coming
    in from ``local'' get answers from the full zone, and requests from
    ``elsewhere'' get answers while only looking at the external zone.


    > My local bind will not be authoritative for the complete domain, as I
    > can't influence the externally hosted servers and IP. What do I have to
    > tell my bind, to handle this situation?


    In the hierarchical case, you could opt to tell the authoritative
    servers for example.com where to look for home.example.com. Since it is
    a local-only zone with private addresses and no use for anyone else,
    you can skip that step. You then simply tell the local dns that it is
    authoritative for home.example.com and to look elsewhere for all the
    rest.

    In the scenario as you originally envisioned, you will have a problem,
    as split authority within a zone was not a design parameter of dns. It
    can probably be worked around with some scripting or simply hand-merging
    the zones and hoping the externally sucked in parts don't change. With
    sub-zones, the problem reduces to what dns is normally used for.


    > Thanks in advance for your help. Any pointers to docs, which handle my
    > special problem are welcome.


    Use the hierarchical approach, it's a solved problem, and well
    documented. BTW, don't forget to set up a reverse zone for the private
    range you're using, if only to avoid leakage of those queries to the
    root servers.


    --
    j p d (at) d s b (dot) t u d e l f t (dot) n l .
    This message was originally posted on Usenet in plain text.
    Any other representation, additions, or changes do not have my
    consent and may be a violation of international copyright law.
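
The sub-zone layout described in the reply above, written out as a BIND 9 configuration. This is an added example, not part of the original posts: the 192.168.1.0/24 range, the server address 192.168.1.2, the host addresses, the file paths and the serial numbers are all assumed values.

```conf
// named.conf for the resolver behind the NAT router (BIND 9).
// Assumed: LAN is 192.168.1.0/24, this server is 192.168.1.2.
acl lan { 127.0.0.1; 192.168.1.0/24; };

options {
    directory "/var/cache/bind";
    recursion yes;               // "look elsewhere for all the rest"
    allow-query     { lan; };    // answer local clients only
    allow-recursion { lan; };    // never act as an open resolver
    allow-transfer  { none; };   // zone data stays on this host
};

// Authoritative for the sub-zone only. example.com itself is NOT declared,
// so www.example.com and mail.example.com resolve through normal recursion
// to the hosting company's servers. No delegation is added to the public
// zone, so the private addresses are never published.
zone "home.example.com" {
    type master;
    file "/etc/bind/db.home.example.com";
};

// Reverse zone for the private range: PTR queries for 192.168.1.x are
// answered here instead of leaking towards the root servers.
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.1";
};

/* --- /etc/bind/db.home.example.com (zone file, constructed sample) ---
$TTL 3600
@    IN SOA ns.home.example.com. hostmaster.example.com. (
            2006030801 3600 900 604800 3600 )
     IN NS  ns.home.example.com.
ns   IN A   192.168.1.2
pc1  IN A   192.168.1.11
pc2  IN A   192.168.1.12
*/

/* --- /etc/bind/db.192.168.1 (zone file, constructed sample) ---
   PTR targets are fully qualified and end with a dot; without it the
   zone origin is appended and reverse lookups return the wrong name.
$TTL 3600
@    IN SOA ns.home.example.com. hostmaster.example.com. (
            2006030801 3600 900 604800 3600 )
     IN NS  ns.home.example.com.
2    IN PTR ns.home.example.com.
11   IN PTR pc1.home.example.com.
12   IN PTR pc2.home.example.com.
*/
```

`named-checkconf` and `named-checkzone` validate these files before a reload; on the clients, a `search home.example.com` line in `/etc/resolv.conf` gives the short names mentioned in the reply.
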

  3. Re: Local subnet with public domain?

    jpd wrote:
    > Siegbert Baude wrote:


    First, thanks jpd for your fast answer. :-)

    >> So my first question: will I run into trouble, when I just want to
    >> configure a local bind9 server, to resolve my local names in my 192.168
    >> subnet, when at the same time I also want correct resolution for the
    >> external servers www.domain.com, mail.domain.com?

    >
    > Remember that domains are hierarchical. So with your example.com
    > registered and hosted somewhere, you could simply set up a
    > home.example.com with all the local names in them. Then on the local
    > machines, set the searchpath to home.example.com for lazy typing.


    Ah, I didn't think of a subdomain, but this seems to be the easiest
    solution. I will try this and come back here, if I encounter any
    problems with the setup.

    > BTW, don't forget to set up a reverse zone for the private
    > range you're using, if only to avoid leakage of those queries to the
    > root servers.


    I already tried this without using a subdomain (so my local hosts were
    called pc1.example.com, pc2.example.com,...), but reverse lookup didn't
    work (normal lookup did however). This was the moment, when I started to
    think, if my approach is really sensible. But it could have been also
    just a misconfiguration on my side, as I'm new to DNS setups.

    Ciao
    Siegbert
